From 17ecb79c0868f6405f259f01f5dd7578e068a683 Mon Sep 17 00:00:00 2001
From: Lexi Winter
Date: Wed, 4 Jun 2025 20:03:28 +0100
Subject: add a 'cert' command to manage certificates
---
Makefile | 4 ++-
cert.sh.in | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
lfacme-cert.8.in | 41 ++++++++++++++++++++++++++++
3 files changed, 127 insertions(+), 1 deletion(-)
create mode 100644 cert.sh.in
create mode 100644 lfacme-cert.8.in
diff --git a/Makefile b/Makefile
index bade4b8..e96ee88 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,8 @@ CHALLENGE= dns.sh \ BINMODE?= 0755 BIN= lfacme.sh -CMD= renew.sh \ +CMD= cert.sh \ + renew.sh \ setup.sh CONFMODE?= 0644
@@ -48,6 +49,7 @@ MAN7= lfacme-dns.7 \ lfacme-kerberos.7 \ lfacme-ualpn.7 MAN8= lfacme.8 \ + lfacme-cert.8 \ lfacme-renew.8 \ lfacme-setup.8
diff --git a/cert.sh.in b/cert.sh.in
new file mode 100644
index 0000000..0ac8224
--- /dev/null
+++ b/cert.sh.in
@@ -0,0 +1,83 @@
+#! /bin/sh
+# This source code is released into the public domain.
+
+_c_list() {
+ if ! [ -d "$_UACME_DIR" ]; then
+ return 0
+ fi
+
+ local _certs="$(cd $_UACME_DIR && ls)"
+ local cert
+ for cert in $_certs; do
+ if [ "$cert" = "private" ]; then
+ continue
+ fi
+
+ printf '%s\n' "$cert"
+ done
+
+ return 0
+}
+
+_c_remove() {
+ if [ -z "$1" ]; then
+ _fatal "missing certificate name"
+ fi
+
+ local cert
+ for cert in "$@"; do
+ local _path="${_UACME_DIR}/${cert}"
+
+ if ! [ -d "$_path" ]; then
+ _warn "certificate not found: %s" "$cert"
+ continue
+ fi
+
+ # Just in case...
+ if [ "${_path##*/}" = "" ]; then
+ _fatal "internal error"
+ fi
+
+ rm -rf "$_path"
+ done
+}
+
+# Parse command-line arguments.
+args=$(getopt "" $*)
+if [ $? -ne 0 ]; then
+ exit 1
+fi
+set -- $args
+
+_uacme_flags=""
+
+while :; do
+ case "$1" in
+ -y)
+ _uacme_flags="$_uacme_flags $1"
+ shift;;
+ --)
+ shift; break;;
+ esac
+done
+
+_command="$1"; shift
+if [ -z "$_command" ]; then
+ _fatal "missing command"
+fi
+
+case "$_command" in
+list)
+ _c_list "$@"
+ exit $?
+ ;;
+
+remove)
+ _c_remove "$@"
+ exit $?
+ ;;
+
+*)
+ _fatal "unknown command: %s" "$_command"
+ ;;
+esac
diff --git a/lfacme-cert.8.in b/lfacme-cert.8.in
new file mode 100644
index 0000000..d6014cc
--- /dev/null
+++ b/lfacme-cert.8.in
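Review bot: `_c_remove` in cert.sh.in passes each command-line name straight into `rm -rf "$_path"`, and its only guard (the empty-basename check) does not stop `private`, the entry `_c_list` deliberately skips and presumably uacme's key directory, nor a name containing `/`, so a mistyped argument can delete key material or a directory outside `$_UACME_DIR`. I would reject such names at the top of the `for` loop, before `_path` is built: `case "$cert" in ""|.|..|*/*|private) _fatal "invalid certificate name: %s" "$cert";; esac`. The loop also relies on `$_UACME_DIR` being set and non-empty, which this file does not establish; writing `${_UACME_DIR:?}` when building `_path` would make that explicit. Separately, `getopt "" $*` declares no options, so the `-y` arm of the option loop looks unreachable, and `_uacme_flags` is never read in this file.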
@@ -0,0 +1,41 @@
+.\" This source code is released into the public domain.
+.Dd June 4, 2025
+.Dt LFACME 7
+.Os
+.Sh NAME
+.Nm lfacme cert
+.Nd manage ACME certificates
+.Sh SYNOPSIS
+.Nm lfacme
+.Op opts
+.Cm cert list
+.Nm lfacme
+.Op opts
+.Cm cert remove
+.Ar certificate
+.Op Ar certificate ...
+.Sh DESCRIPTION
+The
+.Nm
+command is used to manage certificates issued by
+.Xr lfacme 8 .
+.Pp
+The following commands are supported:
+.Bl -tag -width Cm remove
+.It Cm list
+List issued certificates.
+.It Cm remove
+Remove the given certificates.
+The certificates will be deleted from the disk, but will be reissued the next
+time
+.Xr lfacme-renew 8
+is run unless they are also removed from
+.Xr domains.conf 5 .
+.Sh ENVIRONMENT
+Refer to
+.Xr lfacme 8
+for a list of environment variables which affect the operation of
+.Nm .
+.Sh SEE ALSO
+.Xr domains.conf 5 ,
+.Xr lfacme 8
-- 
cgit v1.2.3